Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e968b45 by Abhijith PA at 2019-12-21T14:55:05Z
Vulnerable code added in a later version. Jessie version has different
method for chopping file names. Only three or four character is allowed
as extention in jessie's otrs.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12152,6 +12152,7 @@ CVE-2019-18181 (In CloudVision Portal all releases in
the 2018.1 and 2018.2 Code
NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in
PostMaster ...)
- otrs2 <unfixed> (bug #945251)
+ [jessie] - otrs2 <not-affected> (vulnerable code not present)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE:
https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e968b4569b50764b6b43472d4b7e8ce04f4c031
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e968b4569b50764b6b43472d4b7e8ce04f4c031
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
